CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6323
https://notcve.org/view.php?id=CVE-2020-6323
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. SAP NetWeaver Enterprise Portal (Fiori Framework Page) versiones - 7.50, 7.31, 7.40, no codifican suficientemente las entradas controladas por el usuario y permiten a un atacante en una sesión válida crear un ataque de tipo XSS que será reflejado tanto inmediatamente como también será persistente y regresará con mayor acceso al sistema, resultando en una vulnerabilidad de tipo Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2960329 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una URL contaminada a la víctima, cuando la víctima hace clic en esta URL, el atacante puede leer, modificar la información disponible en el navegador de la víctima llevando a Reflected Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2948239 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6326
https://notcve.org/view.php?id=CVE-2020-6326
SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting. SAP NetWeaver (Knowledge Management), versión-7.30,7.31,7.40,7.50, permite a un atacante autenticado crear enlaces maliciosos en la Interfaz de Usuario, cuando la víctima haga clic en él, ejecutará scripts java arbitrarios, extrayendo o modificando información que de otro modo estaría restringida conllevando a una vulnerabilidad de tipo Cross Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2953112 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6313
https://notcve.org/view.php?id=CVE-2020-6313
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. SAP NetWeaver Application Server JAVA(XML Forms) versiones 7.30, 7.31, 7.40, 7.50, no codifican suficientemente las entradas controladas por el usuario, lo que permite a un Usuario autenticado con roles especiales almacenar contenido malicioso, que cuando accesaba una víctima, puede llevar a cabo acciones maliciosas al ejecutar un JavaScript, conllevando a una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2953112 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6310
https://notcve.org/view.php?id=CVE-2020-6310
Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. Un control de acceso inapropiado en el componente SOA Configuration Trace en SAP NetWeaver (ABAP Server) y la plataforma ABAP, versiones - 702, 730, 731, 740, 750, permite a cualquier usuario autenticado enumerar todos los usuarios de SAP, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2944988 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345 •